Uber fined peanuts in God View surveillance, data breach investigation

For a company with a valuation of over $50 billion, a $20,000 fine over user data protection is laughable.
Written by Charlie Osborne, Contributing Writer

Uber has been fined a mere $20,000 over the use of the "God View" tool to track users and the firm's overall lax security practices and subsequent data breach.

As reported by Market Watch, New York's Attorney General Eric Schneiderman is expected to announce the end of a 14-month probe into Uber's data protection rules and regulations.

Uber is akin to a taxi service with a modern twist. The company allows users to book rides through a mobile app -- rather than flag down or book a traditional driver -- and has proven popular. The app is available in 60 countries and 300 cities and is used by over eight million people. Uber says that roughly one million rides are booked through the company every day.

However, traditional taxi firms and governments are constantly attempting to have the app banned, and following investigations conducted by Buzzfeed, the company came under scrutiny concerning how it handled sensitive user data.

In 2014, Uber discovered that a security breach had exposed the data of approximately 50,000 drivers across multiple US states.

Things were fated to get worse for Uber, as the San Francisco, California-based firm once again came under the media spotlight in 2014 over "God View," an aerial tracking system used to track riders.

The tool, once widely available for use by Uber employees, revealed the locations of cars signed up to the service -- and came to light when the general manager of Uber New York Josh Mohrer revealed to a journalist that he was both tracking her Uber ride and accessed her ride history logs without permission.

The situation prompted an investigation of Uber's data and security policies, and has results in a fine of $20,000 -- based on the 2014 security breach, which Uber failed to inform affected drivers of in a timely fashion. While this fine does not relate to God View in particular, the transport firm has agreed to restrict access to the tool and adopt more rigorous privacy and security practices.

Changes to the firm's practices include using password protection and encrypting the location data of Uber riders and drivers, implementing multi-factor authentication and using other "protective technologies" to help protect user data.

A copy of the settlement acquired by Buzzfeed reads:

"Uber has represented that it has removed all personally identifiable information of riders from its system that provides an aerial view of cars active in a city, has limited employee access to personally identifiable information of riders, and has begun auditing employee access to personally identifiable information in general."

Speaking to the publication, a Buzzfeed spokesman said they were "pleased" to have reached an agreement with the New York Attorney General and are "deeply committed to protecting the privacy and personal data of riders and drivers."

Earlier this month, reports surfaced that San Francisco's largest taxi company, Yellow Cab, is close to filing for bankruptcy due to stiff competition from Uber, rival ride-sharing firm Lyft and a number of unresolved court cases.

Top tech products revealed at CES 2016 so far

Editorial standards